[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for a couple of tomcat9 issues

Salvatore Bonaccorso carnil at debian.org
Tue Feb 25 05:38:31 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f360458 by Salvatore Bonaccorso at 2020-02-25T06:37:59+01:00
Track fixed version via unstable for a couple of tomcat9 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18177,7 +18177,7 @@ CVE-2020-1939
 	RESERVED
 CVE-2020-1938 [Tomcat AJP local file inclusion]
 	RESERVED
-	- tomcat9 <unfixed> (bug #952437)
+	- tomcat9 9.0.31-1 (bug #952437)
 	- tomcat8 <removed> (bug #952438)
 	- tomcat7 <removed> (bug #952436)
 	NOTE: AJP disabled in Debian in default configuration since 2008
@@ -18204,7 +18204,7 @@ CVE-2020-1936
 	RESERVED
 CVE-2020-1935
 	RESERVED
-	- tomcat9 <unfixed>
+	- tomcat9 9.0.31-1
 	- tomcat8 <removed>
 	- tomcat7 <removed>
 	NOTE: https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26 (9.0.31)
@@ -26927,7 +26927,7 @@ CVE-2019-17570 (An untrusted deserialization was found in the org.apache.xmlrpc.
 	NOTE: https://github.com/orangecertcc/xmlrpc-common-deserialization
 CVE-2019-17569
 	RESERVED
-	- tomcat9 <unfixed>
+	- tomcat9 9.0.31-1
 	- tomcat8 <removed>
 	- tomcat7 <removed>
 	NOTE: https://github.com/apache/tomcat/commit/060ecc5eb839208687b7fcc9e35287ac8eb46998 (9.0.31)
@@ -26945,7 +26945,7 @@ CVE-2019-17564
 	RESERVED
 CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29,  ...)
 	{DSA-4596-1 DLA-2077-1}
-	- tomcat9 <unfixed>
+	- tomcat9 9.0.31-1
 	- tomcat8 <removed>
 	- tomcat7 <removed>
 	NOTE: https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652 (9.0.30)
@@ -43609,7 +43609,7 @@ CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 provides all of the component
 	NOT-FOR-US: Apache CFX
 CVE-2019-12418 (When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0. ...)
 	{DSA-4596-1 DLA-2077-1}
-	- tomcat9 <unfixed>
+	- tomcat9 9.0.31-1
 	- tomcat8 <removed>
 	- tomcat7 <removed>
 	NOTE: https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3 (9.0.29)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f360458fde97267147408b955e0595127da0350

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f360458fde97267147408b955e0595127da0350
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200225/4ad697b4/attachment.html>

More information about the debian-security-tracker-commits mailing list